        /// <summary>
        /// Integration check that a full "create student" request, made through an
        /// in-memory OWIN test server, leaves no components tracked by the container
        /// once the client has been disposed — i.e. per-request services are released.
        /// </summary>
        public void When_creating_a_student_should_not_leave_any_tracked_components()
        {
            using (var startup = new OwinStartup(DatabaseName, _localEducationAgencyIds))
            {
                // Baseline: nothing may be tracked before a single request is issued.
                var initiallyTracked = startup.GetTrackedComponents();
                initiallyTracked.Count().ShouldBe(0);

                using (var server = TestServer.Create(startup.Configuration))
                {
                    using (var client = new HttpClient(server.Handler))
                    {
                        client.Timeout = DefaultHttpClientTimeout;

                        // Throw-away bearer value; presumably the test configuration in
                        // OwinStartup does not validate it — confirm there if the
                        // request starts failing with 401.
                        var bearerToken = Guid.NewGuid().ToString();
                        client.DefaultRequestHeaders.Authorization =
                            new AuthenticationHeaderValue("Bearer", bearerToken);

                        var created = StudentHelper.CreateStudent(
                            client,
                            DataSeedHelper.RandomName,
                            DataSeedHelper.RandomName);

                        created.ResponseMessage.EnsureSuccessStatusCode();
                        created.ResponseMessage.StatusCode.ShouldBe(HttpStatusCode.Created);
                    }

                    // The client (and with it the request scope) is gone: anything still
                    // tracked is a leak. The keys are listed in the failure message so a
                    // red test names the offending components.
                    var stillTracked = startup.GetTrackedComponents();
                    var stillTrackedKeys = stillTracked.Select(tc => tc.Key.ToString());

                    stillTracked.Count().ShouldBe(
                        0,
                        "Tracked Components: " + string.Join(", ", stillTrackedKeys));
                }
            }
        }
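        /// <summary>
        /// Consent-accept endpoint of the authorization flow: turns the externally
        /// authenticated <c>HttpContext.User</c> into an ASOS authentication ticket
        /// and signs it in so the server can issue the requested id_token/token/code.
        /// </summary>
        /// <param name="cancellationToken">Propagated to the client application lookup.</param>
        /// <returns>
        /// A sign-in result carrying the ticket, or the "Error" view when the OpenID
        /// Connect request or response is missing or the client application is unknown.
        /// </returns>
        public async Task<IActionResult> Accept(CancellationToken cancellationToken)
        {
            // NOTE(review): the attributes on this action ([Authorize], [HttpPost],
            // [ValidateAntiForgeryToken]) are not visible in this excerpt — confirm they
            // are present, because the body trusts HttpContext.User unconditionally.
            var response = HttpContext.GetOpenIdConnectResponse();
            if (response != null)
            {
                // ASOS already produced an error response for this request; surface it.
                return View("Error", response);
            }

            var request = HttpContext.GetOpenIdConnectRequest();
            if (request == null)
            {
                return View("Error", new OpenIdConnectMessage
                {
                    Error = OpenIdConnectConstants.Errors.ServerError,
                    ErrorDescription = "An internal error has occurred"
                });
            }

            // Claims from the external provider (Google, Facebook, a WS-Fed provider,
            // another OIDC server, ...) whose destinations are widened so they appear in
            // both the access token and the id_token. Every other claim is copied as-is
            // and stays invisible to the client application. ClaimTypes.NameIdentifier
            // is added by ASOS regardless of its destination.
            var tokenVisibleClaimTypes = new[] { ClaimTypes.Name, ClaimTypes.GivenName, ClaimTypes.Surname };

            // Identity that will be serialized into the tokens.
            var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
            foreach (var claim in HttpContext.User.Claims)
            {
                if (tokenVisibleClaimTypes.Contains(claim.Type))
                {
                    claim.SetDestinations(OpenIdConnectConstants.Destinations.AccessToken,
                                          OpenIdConnectConstants.Destinations.IdentityToken);
                }

                identity.AddClaim(claim);
            }

            var application = await GetApplicationAsync(request.ClientId, cancellationToken);
            if (application == null)
            {
                return View("Error", new OpenIdConnectMessage
                {
                    Error = OpenIdConnectConstants.Errors.InvalidClient,
                    ErrorDescription = "Details concerning the calling client application cannot be found in the database"
                });
            }

            // Record the client application as the actor of the user identity. Not
            // mandatory, but it lets a resource server inspect the whole delegation
            // chain (see ResourceController.cs).
            identity.Actor = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
            identity.Actor.AddClaim(ClaimTypes.NameIdentifier, application.ApplicationID);
            identity.Actor.AddClaim(ClaimTypes.Name, application.DisplayName,
                                    OpenIdConnectConstants.Destinations.AccessToken,
                                    OpenIdConnectConstants.Destinations.IdentityToken);

            // Authentication ticket holding the user identity.
            var ticket = new AuthenticationTicket(
                new ClaimsPrincipal(identity),
                new AuthenticationProperties(),
                OpenIdConnectServerDefaults.AuthenticationScheme);

            // Grant every requested scope that is in this fixed list, without asking the
            // user. Note that offline_access is part of the list, so a client requesting
            // it also obtains a refresh token. A real-world application would display a
            // consent form letting the user choose which scopes to grant.
            ticket.SetScopes(new[] {
                OpenIdConnectConstants.Scopes.OpenId,
                OpenIdConnectConstants.Scopes.Email,
                OpenIdConnectConstants.Scopes.Profile,
                OpenIdConnectConstants.Scopes.OfflineAccess
            }.Intersect(request.GetScopes()));

            // Audience the access token is issued for.
            ticket.SetResources("resource_server");

            // First-login provisioning: create the student record if it is not there yet.
            // NOTE(review): existence is keyed on the given/surname pair only, so two
            // distinct external accounts with the same name collapse onto one student;
            // a provider that omits either claim presumably yields a null name here, and
            // how the repository treats nulls is not visible from this file. Keying on
            // the NameIdentifier claim would avoid both issues — confirm with the owners.
            var firstName = GetGivenName(ticket);
            var lastname  = GetSurname(ticket);

            if (!_studentsRepo.DoesStudentExist(firstName, lastname))
            {
                _studentsRepo.Add(StudentHelper.CreateStudent(firstName, lastname));
            }

            // A SignInResult makes ASOS serialize the identity into the tokens. The
            // identity must always contain a ClaimTypes.NameIdentifier claim; here it
            // is the one copied from the external provider.
            return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
        }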